CVE-2018-14628: dbchecker: use get_deletedobjects_descriptor for miss…
…ing deleted objects container

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
metze-samba committed Oct 16, 2023
1 parent 498542b commit 7058606
Showing 1 changed file with 14 additions and 3 deletions.
17 changes: 14 additions & 3 deletions python/samba/dbchecker.py
Expand Up @@ -20,7 +20,7 @@
import ldb
import samba
import time
from base64 import b64decode
from base64 import b64decode, b64encode
from samba import dsdb
from samba import common
from samba.dcerpc import misc
Expand All @@ -29,7 +29,11 @@
from samba.dcerpc import drsblobs
from samba.samdb import dsdb_Dn
from samba.dcerpc import security
from samba.descriptor import get_wellknown_sds, get_diff_sds
from samba.descriptor import (
get_wellknown_sds,
get_deletedobjects_descriptor,
get_diff_sds
)
from samba.auth import system_session, admin_session
from samba.netcmd import CommandError
from samba.netcmd.fsmo import get_fsmo_roleowner
Expand Down Expand Up @@ -351,6 +355,12 @@ def check_deleted_objects_containers(self):
listwko.append('%s:%s' % (wko_prefix, dn))
guid_suffix = ""


domain_sid = security.dom_sid(self.samdb.get_domain_sid())
sec_desc = get_deletedobjects_descriptor(domain_sid,
name_map=self.name_map)
sec_desc_b64 = b64encode(sec_desc).decode('utf8')

# Insert a brand new Deleted Objects container
self.samdb.add_ldif("""dn: %s
objectClass: top
Expand All @@ -359,7 +369,8 @@ def check_deleted_objects_containers(self):
isDeleted: TRUE
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: TRUE
systemFlags: -1946157056%s""" % (dn, guid_suffix),
nTSecurityDescriptor:: %s
systemFlags: -1946157056%s""" % (dn, sec_desc_b64, guid_suffix),
controls=["relax:0", "provision:0"])

delta = ldb.Message()
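Review bot: The block added before `self.samdb.add_ldif(` sets `nTSecurityDescriptor` explicitly on the re-created container but has no comment saying why, and that reason is the security point of the change: without the attribute the container would get whatever descriptor the add path assigns by default rather than the one intended for Deleted Objects. I would add above `domain_sid = ...` a comment such as `# CVE-2018-14628: give the re-created container the dedicated Deleted Objects descriptor instead of relying on a default`. `b64encode(sec_desc)` also assumes `get_deletedobjects_descriptor` returns the packed binary descriptor as bytes, which this page does not show, so that is worth confirming and stating in the comment. The doubled blank line after `guid_suffix = ""` can be reduced to one. `check_deleted_objects_containers` starts and ends outside the hunks shown, so whether this block sits inside a per-naming-context loop cannot be told from here.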
